Social network Path runs into storm of protest

It’s the privacy snafu that will not die. A day after a developer discovered that mobile social network Path was storing users’ entire address books on its servers, the start-up seemed to have defused the incident by apologising and deleting all the personal data it had stored.

But now Gawker’s Ryan Tate has published an e-mail he got from Path CEO Dave Morin back in 2010 in which the CEO acknowledges that his company looks through your contacts in order to suggest connections, but made it explicitly clear that Path “does not retain or store any of your information in any way”.

That’s the opposite of what he said on Wednesday in his apology, when he noted that Path users’ contacts, including phone numbers, names, e-mails and addresses, were all “stored securely on our servers using industry-standard firewall technology”.

TechCrunch reports that Path 1.0 didn’t have the “Add Friends” feature, and that Morin wasn’t lying since Path didn’t store user data then. This is a little confusing, since the e-mail was prompted by a Dave Winer post, where he called out Path’s uncannily accurate suggestions for which friends to follow.

But it is clear from this e-mail that Morin was being disingenuous in his apology when he wrote: “Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.”

Morin knew when he wrote to Tate in 2010 that users were not comfortable with the idea of Path storing their contacts. So he went out of his way to make clear that it didn’t. When Path made that change, it never alerted users, an oversight for which the company is now being forced to answer. — Ben Popper, VentureBeat